Public key not available error

From MEPIS Documentation Wiki

Apt-get includes package authentication in order to improve security. You can still install non-authenticated packages, but if you want to take advantage of this feature do the following (note that not all the deb repositories implemented this feature, if you upgrade from such a repository you'll get a "packages could not be authenticated" warning).

Easiest method

Works for MEPIS 8, 8.5 and 11.

Enable the Community repositories, then install checkaptgpg with Synaptic. Then, when you get a warning about a public key not being available, run this application by clicking StartMenu > System > Check Apt GPG. Enter Y and then the root password. When it is finished, the window will disappear.

Manual method

If you get a warning similar to this:

W: GPG error: ftp://ftp.nerim.net unstable Release: The following signatures couldn't be verified
because the public key is not available: NO_PUBKEY 07DC563D1F41B907

Note the 16 character string of seemingly random numbers and letters? That is the public key, put that in place of <pubkey> in the instructions below.

Script method

You can use a script developed by Community members to do this task for you in the following way:

Right-click the desktop Create New --> Text File, and name it gpgerror_fix

Open the file and paste in the following:

#!/bin/sh
# checkaptget - check the .gpg signed Release files for missing keys
# Check if I am root for use later.
if [ $(id -u) -ne 0 ]; then
ROOT=0
else
ROOT=1
fi
# Will we need to be rerun as root?
RERUN=0
# The location of the trusted keyring.
APT_TRUSTED=/etc/apt/trusted.gpg
# The location of the Release files.
APT_LISTS=/var/lib/apt/lists
# Get a list of repositories for which we have downloaded a Release file
REPOSITORIES=`ls $APT_LISTS | grep Release$`
# For each repository look for a matching Release.gpg signature
for repo in $REPOSITORIES
do
echo Checking $repo
RELEASE=$APT_LISTS/$repo
GPG=''
if [ -s $RELEASE.gpg ]
then
GPG=$RELEASE.gpg
else
if [ -s $APT_LISTS/partial/$repo.gpg ]
then
GPG=$APT_LISTS/partial/$repo.gpg
else
if [ -s $APT_LISTS/partial/$repo.gpg.reverify ]
then
GPG=$APT_LISTS/partial/$repo.gpg.reverify
fi
fi
fi
if [ $GPG ]
then
# We have found a Release.gpg signature
ANSWER=`gpg -q --no-default-keyring --keyring $APT_TRUSTED --verify $GPG $RELEASE 2>&1`
if [ $? -ne 0 ]
then
# GPG errored -
# Assume that an ID was included in the error message in the form
# ... ID <GPGID> ...
IDFOUND=0
for xx in $ANSWER
do
if [ $IDFOUND -eq 0 ]
then
if [ "ID" = "$xx" ]
then
IDFOUND=1
fi
else
GPGKEY=$xx
break
fi
done
if [ $ROOT -eq 1 ]; then
# We are root, so we can try to download the key.
apt-key adv --keyserver hkp://subkeys.pgp.net --recv-key $GPGKEY
# Assume it worked.
else
# We are not root, so output a message.
echo " Missing GPG ID $GPGKEY"
RERUN=1
fi
else
echo " Good GPG signature found."
fi
else
echo " No GPG Release signature found."
fi
done
if [ $RERUN -gt 0 ]; then
echo
echo "Rerun as root to download the missing keys."
fi

Save the file, then right-click it, click the Permissions tab, and check Is executable.

Move the file to /usr/local/bin

Now you can run the script by typing gpgerror_fix in a terminal, and it will check and fix all keys automatically.

If you like, you can create a desktop link or menu entry for it; in the latter case, be sure to have it open in a terminal, and add "sleep 10" at the end of the script so you can see the results before it exits.